GCP Professional Cloud Architect Practice Question
Your organization has a centralized logging project that receives all Admin Activity audit logs from every Google Cloud project through an aggregated sink at the organization level. Security Operations must be paged whenever someone modifies a firewall rule in any production project. The team wants to rely only on Google-managed services, avoid writing custom code, and keep monitoring data localized in the central logging project to minimize operational overhead. Which design meets these requirements and follows Google-recommended practices for alerting on log events?
In the central logging project, define a user-defined logs-based counter metric filtered on the firewall Admin Activity log entries from production projects, and configure a Cloud Monitoring alerting policy that pages Security Operations when the metric's value increases.
Add an uptime check that probes the Cloud Firewall API in every production project and creates an alerting policy when the check fails.
Configure Cloud Asset Inventory feeds to write firewall-rule changes to BigQuery, then run a scheduled BigQuery job every minute to detect new rows and publish an alert message to Pub/Sub.
Deploy a Cloud Function in each production project that triggers from Pub/Sub-exported logs; the function increments a custom metric in Cloud Monitoring, which drives an alerting policy in the function's project.
A user-defined logs-based metric can be created in the central logging project because that project already receives all Admin Activity audit logs from the organization via the aggregated sink. The metric's filter should match compute.firewalls.create, compute.firewalls.update, and compute.firewalls.delete method names restricted to production projects. After the metric is created, Cloud Monitoring (in the same project) can use it as the signal in an alerting policy with a notification channel that pages Security Operations.
Creating per-project metrics would fragment visibility and increase maintenance, and Cloud Functions or external scripts are unnecessary because Cloud Logging and Monitoring natively support log filtering, metric creation, and alerting without custom code.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a user-defined logs-based metric in Google Cloud?
Open an interactive chat with Bash
What is an aggregated sink in Google Cloud Logging?
Open an interactive chat with Bash
Why is Cloud Monitoring preferred for alerting over custom code or external scripts?
Open an interactive chat with Bash
What is a user-defined logs-based metric in Google Cloud?
Open an interactive chat with Bash
What is an aggregated sink in Google Cloud Logging?
Open an interactive chat with Bash
How does Cloud Monitoring alerting policy work in Google Cloud?
Open an interactive chat with Bash
GCP Professional Cloud Architect
Ensuring solution and operations excellence
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .